[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#705552: unblock: subversion/1.6.17dfsg-4+deb7u2

On 17.04.2013 05:35, Salvatore Bonaccorso wrote:

On Tue, Apr 16, 2013 at 06:05:23PM +0200, Thomas Preud'homme wrote:

For #704940 I took the patch from the corresponding CVE entries
(CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849). There is 
no patch for CVE-2013-1884 since it doesn't affect the version in
wheezy.


For CVE-2013-1884: could you please double check this with Mike
Gilbert? He mentioned in IRC that this also affects the older versions 
and updated the tracker[1].

 [1]: https://security-tracker.debian.org/tracker/CVE-2013-1884
Upstream appear to believe it {does,should}n't - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940#32 

Regards,

Adam
Reply to: